Closed winezer0 closed 7 months ago
If you wish to use `upx`, please install it before `gen_agent`; the agent builder will automatically take care of compression and config data encryption so you won't be greeted with such an error.
The root cause of this issue is how emp3r0r decrypts config data from the executable file. In earlier versions I was using a fixed pattern to locate encrypted config data no matter where it resides in memory, and it worked without issue. Then I made the pattern dynamic and the previous mechanism stopped working; therefore you can't make changes to the executable, otherwise it won't be able to read its config data.
I will improve this part to make it more flexible.
There are two cases here: the first one is packed automatically, generated by the `gen_agent` command, and the second one is packed manually by me. Neither of them can be executed normally.
Both samples failed to read config data, since they report magic string as `0`. I think it's the same reason somehow.
The run panel dies after the uncompressed version goes live:
Your input somehow crashed the `readline` module, which is maintained by a third party. I will look into it and hopefully we will get a reliable way to trigger the crash. By the way, I suspect that it has something to do with your terminal (MobaXterm I think?)
> your terminal (MobaXterm I think?)

Yes, my terminal is MobaXterm, but previous versions did not indicate this error.
Here's how it crashed:
I am sure there will be more `divided by zero` crashes in this module as it's barely maintained.
> Here's how it crashed:
> I am sure there will be more `divided by zero` crashes in this module as it's barely maintained.

Well, this is indeed the cause of the panel's death, and I hope you can fix it.
I am waiting for your update on the above two bugs.
@winezer0 Why did you close the issue? Is it resolved?
I have two issues here to address:
- [ ] Improve the way config data is embedded in agent binary so it can be properly read no matter how you pack the binary (as long as it still runs).
- [ ] You need to provide a stable way of reproducing the crash in `readline` so I can report and resolve it in upstream repo.
Sorry, I updated upx. Now the agent is running normally, and I think the work of the change was too much, so I shut it down. Of course, I will reserve these questions if you have time to deal with them.
> - [ ] You need to provide a stable way of reproducing the crash in `readline` so I can report and resolve it in upstream repo.

The problem is not that big, as long as the agent doesn't drop out.
Describe the bug
My version is v1.31.5.
The generated agent program cannot run properly after upx compression.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Screenshots
amd64 bug
Files with random names are generated:![image](https://github.com/jm33-m0/emp3r0r/assets/46115146/6067572d-af4d-42ce-8433-2c2466f2a273)
I suspect a upx error, but it won't work with the updated version:![image](https://github.com/jm33-m0/emp3r0r/assets/46115146/46b2cedd-2575-40de-96fe-cffbf7d0f5bd)
Errors are also reported in the i386 environment:![image](https://github.com/jm33-m0/emp3r0r/assets/46115146/46acf41a-2ce4-4829-a05a-c241ae49dce9)
Your environment
emp3r0r.json
I suggest that you format your JSON with an online JSON formatter, for example https://codebeautify.org/jsonviewer
CC
Linux distro name and version, use `cat /etc/*release*` to view, paste the result below
The run panel dies after the uncompressed version goes live:
(It may not be the agent's fault, because the restart panel found that the agent did not drop the line)
C2 Transport
[ ] Direct connection
Agent
[ ] amd64
[ ] 386
OS
Additional context